Spyware/Malware....Help


TechPro
05-09-2008, 10:31 AM
Hello All,

Calling on all spyware/malware experts. I rarely clean up infected machines because I work in a corporate environment; we tend to put measures in place to stop machines getting infected in the first place, i.e. firewalls, AV and patching (WSUS).

I recently agreed to clean up a friend's PC as a favor. I got it clean in the end but it took me a while. I used two old favorites, Spybot and Ad-Aware, oh and also AVG. I hear that Spybot and Ad-Aware are old tools now and there are much quicker ways of doing things. So I'm asking you guys that deal with this stuff every day what your favorite tools and tips are to get things done quickly and efficiently?

Thanks :)

geekhelp4u
05-09-2008, 12:17 PM
SuperAntiSpyware... http://www.superantispyware.com/

I have also found Windows Defender to be a decent malware detection tool, although I still think Ad-Aware is much better! I also use Spybot as well. Other tools I use... Spyware Sweeper, Spyware Terminator, CCleaner, ATF Cleaner, Hitman Pro, CW Shredder, Spyware Doctor

if all of these can't fix it... time for a system wipe!

gunslinger
05-09-2008, 02:24 PM
I use portable versions of Spybot & Ad-Aware, and SuperAntiSpyware. I also use Hitman Pro and CW Shredder. I agree that if all this plus a good antivirus does not fix it, it's time to reinstall.

evilfantasy
05-10-2008, 05:20 AM
Malwarebytes' Anti-Malware

Download from Malwarebytes.org (http://www.malwarebytes.org/mbam/database/mbam-rules.exe)

Nathan H
05-10-2008, 11:01 PM
I Agree with Chris and Gunslinger.

One thing I do recommend though is using ATF cleaner and C Cleaner first, THEN use Ad-aware & Spybot.

This seems to speed up scanning..

greggh
05-12-2008, 08:13 PM
If it turns out to be one of the more evil ones from the Zlob, Zharin, or Storm families you might need to use something stronger. If you don't, they will return a few days later. They all incorporate rootkits and other fun ways of detecting your cleanup and hiding for a seemingly random amount of time, then returning.

Your best bet to get these newer ones is a combination of SmitFraudFix, SDFix and ComboFix. In that order.

SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php
SDFix: http://www.bleepingcomputer.com/forums/topic131299.html
ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Using them all in a row takes me about 1 hour. But it normally cleans up 99% of the problem. Then I can just do CCleaner to clear the junk and then Spybot S&D to get the rest. Add in the new (finally updated) SpywareBlaster and that's most of the work. At the end I do a little of it by hand, just making sure everything is really clean with HijackThis and EZPCFix.

evilfantasy
05-12-2008, 08:23 PM
After running Combofix be sure to use the uninstall command.

Start > Run > type combofix /u then hit Enter. Make sure there's a space between combofix and /u.

The above procedure will:

Delete:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

TechPro
05-13-2008, 12:01 PM
If it turns out to be one of the more evil ones from the Zlob, Zharin, or Storm families you might need to use something stronger. If you don't, they will return a few days later. They all incorporate rootkits and other fun ways of detecting your cleanup and hiding for a seemingly random amount of time, then returning.

Your best bet to get these newer ones is a combination of SmitFraudFix, SDFix and ComboFix. In that order.

SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php
SDFix: http://www.bleepingcomputer.com/forums/topic131299.html
ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Using them all in a row takes me about 1 hour. But it normally cleans up 99% of the problem. Then I can just do CCleaner to clear the junk and then Spybot S&D to get the rest. Add in the new (finally updated) SpywareBlaster and that's most of the work. At the end I do a little of it by hand, just making sure everything is really clean with HijackThis and EZPCFix.

Thanks for the advice greggh, they look like really good tools. I will add those tools to my USB stick; hopefully they will save me some time! Maybe this is a subject for an article.....seems like things have moved on since the days of the Spybot/Ad-Aware combo.

greggh
05-13-2008, 02:36 PM
Thanks for the advice greggh, they look like really good tools. I will add those tools to my USB stick; hopefully they will save me some time! Maybe this is a subject for an article.....seems like things have moved on since the days of the Spybot/Ad-Aware combo.

They really have. These new tools are really useful and pretty much necessary today.